<?php /* ADMIN $Id: vw_usr_perms.php,v 1.29.6.1 2006/12/10 10:33:17 ajdonnison Exp $ */
GLOBAL $AppUI, $user_id, $canEdit, $canDelete, $tab;

$perms =& $AppUI->acl();
$module_list = $perms->getModuleList();
$pgos = array();
$q  = new DBQuery;
$q->addTable('modules', 'm');
$q->addQuery('mod_id, mod_name, permissions_item_table');
$q->addWhere('permissions_item_table is not null');
$q->addWhere("permissions_item_table <> ''");
$pgo_list = $q->loadHashList('mod_name');
$q->clear();

// Build an intersection array for the modules and their listing
$modules = array();
$offset = 0;
foreach ($module_list as $module) {
	$modules[ $module['type'] . ',' . $module['id']] = $module['name'];
	if ($module['type'] = 'mod' && isset($pgo_list[$module['name']]))
		$pgos[$offset] = $pgo_list[$module['name']]['permissions_item_table'];
	$offset++;
}
$count = 0;

//Pull User perms
$user_acls = $perms->getUserACLs($user_id);
if (! is_array($user_acls))
	$user_acls = array(); // Stops foreach complaining.
$perm_list = $perms->getPermissionList();

?>

<script language="javascript">
<?php
// security improvement:
// some javascript functions may not appear on client side in case of user not having write permissions
// else users would be able to arbitrarily run 'bad' functions
if ($canEdit) {
?>
function editPerm( id, gon, it, vl, nm ) {
	var f = document.frmPerms;

	f.sqlaction2.value = "<?=$AppUI->_('edit')?>";

	f.permission_id.value = id;
	f.permission_item.value = it;
	f.permission_item_name.value = nm;
	for(var i=0, n=f.permission_grant_on.options.length; i < n; i++) {
		if (f.permission_module.options[i].value == gon) {
			f.permission_module.selectedIndex = i;
			break;
		}
	}
	f.permission_value.selectedIndex = vl+1;
	f.permission_item_name.value = nm;
}

function clearIt(){
	var f = document.frmPerms;
	f.sqlaction2.value = "<?=$AppUI->_('add')?>";
	f.permission_id.value = 0;
	f.permission_grant_on.selectedIndex = 0;
}

function delIt(id) {
	if (confirm( 'Are you sure you want to delete this permission?' )) {
		var f = document.frmPerms;
		f.del.value = 1;
		f.permission_id.value = id;
		f.submit();
	}
}

var tables = new Array;
<?php
	foreach ($pgos as $key => $value){
		// Find the module id in the modules array
		echo "tables['$key'] = '$value';\n";
	}
?>

function popPermItem() {
	var f = document.frmPerms;
	var pgo = f.permission_module.selectedIndex;

	if (!(pgo in tables)) {
		alert( '<?=$AppUI->_('No list associated with this Module.', UI_OUTPUT_JS)?>' );
		return;
	}
	f.permission_table.value = tables[pgo];
	window.open('index.php?m=public&a=selector&dialog=1&callback=setPermItem&table=' + tables[pgo], 'selector', 'left=50,top=50,height=250,width=400,resizable')
}

// Callback function for the generic selector
function setPermItem( key, val ) {
	var f = document.frmPerms;
	if (val != '') {
		f.permission_item.value = key;
		f.permission_item_name.value = val;
		f.permission_name.value = val;
	} else {
		f.permission_item.value = '0';
		f.permission_item_name.value = 'all';
		f.permission_table.value = '';
	}
}
<?php } ?>
</script>
<table width="100%" border="0" cellpadding="7" cellspacing="0" class="infopanel">
<tr>
<td align="right">
<? if ($canEdit) { ?>
	<input type="button" value="<?=$AppUI->_('Add Permission')?>" onclick="Dialog('idPermDialog').show()"/>
<? } ?>
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="2" cellspacing="0" class="list">
<tr>
	<th width="50%"><?=$AppUI->_('Module')?></th>
	<th width="50%"><?=$AppUI->_('Item')?></th>
	<th nowrap><?=$AppUI->_('Type')?></th>
	<th nowrap><?=$AppUI->_('Status')?></th>
	<th class="last"><img src="images/blank.gif" width="12" height="12"/></th>
</tr>

<?php
	foreach ($user_acls as $acl){
		$buf = '';
		$permission = $perms->get_acl($acl);

		if (is_array($permission)) {
			$modlist = array();
			$itemlist = array();
			if (is_array($permission['axo_groups'])) {
				foreach ($permission['axo_groups'] as $group_id) {
					$group_data = $perms->get_group_data($group_id, 'axo');
					$modlist[] = $AppUI->_($group_data[3]);
					$itemlist[] = $AppUI->_('ALL');
				}
			}
			if (is_array($permission['axo'])) {
				foreach ($permission['axo'] as $key => $section) {
					// Find the module based on the key
					$mod_info = $perms->get_object_full($key, 'app', 1, 'axo');
					$modlist[] = $AppUI->_($mod_info['name']);
					foreach ($section as $id) {
						$mod_data = $perms->get_object_full($id, $key, 1, 'axo');
						$itemlist[] = $AppUI->_($mod_data['name']);
					}
				}
			}
			$buf .= '<td>'.implode('<br/>', $modlist).'</td><td>'.implode('<br/>', $itemlist).'</td>';

			$perm_type = array();
			if (is_array($permission['aco'])) {
				foreach ($permission['aco'] as $key => $section) {
					foreach ($section as $value) {
						$perm = $perms->get_object_full($value, $key, 1, 'aco');
						$perm_type[] = $AppUI->_($perm['name']);
					}
				}
			}
			$buf .= '<td>'.implode('<br/>', $perm_type).'</td>';

			// Allow or deny
			$buf .= '<td>' . $AppUI->_( $permission['allow'] ? 'allow' : 'deny' ) . '</td>';
			$buf .= '<td>';
			if ($canDelete) {
				$buf .= '<a href="javascript:delIt('.$acl.')" title="'.$AppUI->_('delete').'">'
					. '<img src="images/common_delete.gif"></a>';
			}
			$buf .= '</td>';

			echo '<tr class="second">'.$buf.'</tr>';
		}
	}
?>
</table>

<? if ($canEdit) { ?>
<div id="idPermDialog" class="popup" style="visibility: hidden" autohide="click">
<table cellspacing="0" cellpadding="4" border="0" width="350px">
<form name="frmPerms" method="post" action="?m=admin">
	<input type="hidden" name="del" value="0" />
	<input type="hidden" name="dosql" value="do_perms_aed" />
	<input type="hidden" name="user_id" value="<?=$user_id?>" />
	<input type="hidden" name="permission_user" value="<?=$perms->get_object_id('user', $user_id, 'aro')?>" />
	<input type="hidden" name="permission_id" value="0" />
	<input type="hidden" name="permission_item" value="0" />
	<input type="hidden" name="permission_table" value="" />
	<input type="hidden" name="permission_name" value="" />
<tr>
	<th colspan="2" bgcolor="#E0E0E0"><?=$AppUI->_('Add Permissions')?></th>
</tr>
<tr>
	<td align="right"><?=$AppUI->_('Module')?></td>
	<td width="100%"><?=arraySelect($modules, 'permission_module', 'size="1" class="text"', 'grp,all', true)?></td>
</tr>
<!--tr>
	<td align="right"><?=$AppUI->_('Item')?></td>
	<td colspan="<?=$n-1?>">
		<input type="text" name="permission_item_name" class="text" size="30" value="all" disabled>
		<input type="button" name="" class="text" value="..." onclick="popPermItem();">
	</td>
</tr-->
<tr>
	<td align="right" valign="top" style="padding-top: 10px"><?=$AppUI->_('Permission')?></td>
	<td>
		<select name="permission_access" class="text">
			<option value='1'><?=$AppUI->_('allow')?></option>
			<option value='0'><?=$AppUI->_('deny')?></option>
		</select>
		<table border="0" cellpadding="2" cellspacing="0" width="100%"
			style="border: 1px solid #E0E0E0; border-right: 0px solid #000; margin-top: 4px">
		<tr bgcolor="#F0F0F0">
		<?	foreach ($perm_list as $perm_id => $perm_name) { ?>
			<td align="center" width="20%" style="border-right: 1px solid #E0E0E0">
				<?=$AppUI->_($perm_name)?>
			</td>
		<?	} ?>
		</tr>
		<tr>
		<?	foreach ($perm_list as $perm_id => $perm_name) { ?>
			<td align="center" style="border-right: 1px solid #E0E0E0; border-top: 1px solid #E0E0E0">
				<input type='checkbox' name='permission_type[]' value='<?=$perm_id?>'>
			</td>
		<?	} ?>
		</tr>
		</table>
	</td>
</tr>
<tr>
	<td colspan="2" align="center" style="border-top: 1px solid #E0E0E0; padding: 6px">
		<input type="button" value="<?=$AppUI->_('clear')?>" class="button" name="sqlaction" onClick="clearIt()">
		<input type="submit" value="<?=$AppUI->_('add')?>" class="button" name="sqlaction2">
		<input type="button" value="<?=$AppUI->_('close')?>" class="button" onClick="Dialog('idPermDialog').hide()">
	</td>
</tr>
</form>
</table>
</div>
<?php } ?>
